CVE-2007-3615

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.

El Internet Communication Manager (también conocido como ICMAN.exe o ICM) en el SAP NetWeaver Application Server 6.x y 7.x, posiblemente sólo bajo Windows, permite a atacantes remotos provocar una denegación de servicio (caída del proceso) a través de un URI de cierta longitud que contenga el parámetro sap-isc-key, relacionado con la configuración del caché de la web.

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-06 CVE Reserved
2007-07-06 CVE Published
2024-06-16 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html	Mailing List
http://osvdb.org/38095	Vdb Entry
http://securityreason.com/securityalert/2875	Third Party Advisory
http://www.securityfocus.com/archive/1/472890/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/24774	Vdb Entry
http://www.securitytracker.com/id?1018336	Vdb Entry
http://www.vupen.com/english/advisories/2007/2450	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/35278	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/25964	2018-10-15

URL	Date	SRC
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos	2018-10-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sap Search vendor "Sap"	Internet Communication Manager Search vendor "Sap" for product "Internet Communication Manager"	*	-	Affected	in	Microsoft Search vendor "Microsoft"	All Windows Search vendor "Microsoft" for product "All Windows"	*	-	Safe
Sap Search vendor "Sap"	Sap Web Application Server Search vendor "Sap" for product "Sap Web Application Server"	6.10 Search vendor "Sap" for product "Sap Web Application Server" and version "6.10"	-	Affected	in	Microsoft Search vendor "Microsoft"	All Windows Search vendor "Microsoft" for product "All Windows"	*	-	Safe
Sap Search vendor "Sap"	Sap Web Application Server Search vendor "Sap" for product "Sap Web Application Server"	6.20 Search vendor "Sap" for product "Sap Web Application Server" and version "6.20"	-	Affected	in	Microsoft Search vendor "Microsoft"	All Windows Search vendor "Microsoft" for product "All Windows"	*	-	Safe
Sap Search vendor "Sap"	Sap Web Application Server Search vendor "Sap" for product "Sap Web Application Server"	6.40 Search vendor "Sap" for product "Sap Web Application Server" and version "6.40"	-	Affected	in	Microsoft Search vendor "Microsoft"	All Windows Search vendor "Microsoft" for product "All Windows"	*	-	Safe
Sap Search vendor "Sap"	Sap Web Application Server Search vendor "Sap" for product "Sap Web Application Server"	7.0 Search vendor "Sap" for product "Sap Web Application Server" and version "7.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	All Windows Search vendor "Microsoft" for product "All Windows"	*	-	Safe
Sap Search vendor "Sap"	Sap Web Application Server Search vendor "Sap" for product "Sap Web Application Server"	7.0.10 Search vendor "Sap" for product "Sap Web Application Server" and version "7.0.10"	-	Affected	in	Microsoft Search vendor "Microsoft"	All Windows Search vendor "Microsoft" for product "All Windows"	*	-	Safe